Important notice
This document is based on Traklyn's actual product features and data practices. It is provided for transparency and is not legal advice. For legal questions, consult a qualified lawyer familiar with Canadian privacy law (PIPEDA), provincial employment rules, and biometric privacy requirements.
- Effective date
- June 1, 2025
- Last updated
- June 1, 2025
- Operator
- Nexsysi · Powered by Nexsys-i
- Product
- Traklyn workforce platform
1. Introduction
Nexsysi ("Traklyn," "we," "us," or "our") operates the Traklyn workforce management platform, including the Traklyn web application (https://app.traklyn.com), kiosk timekeeping interfaces, related APIs and support services, and this marketing website (https://traklyn.com).
This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Traklyn.
Traklyn is a business-to-business (B2B) platform used by healthcare and staffing organizations to manage scheduling, timekeeping, workforce coordination, documents, notifications, and payroll-related hours.
2. Who This Policy Applies To
| User type | Examples |
|---|---|
| Organization administrators | Client Super Admin, Client Admin, Agency Super Admin, Agency Admin |
| Platform administrators | Traklyn Super Admin |
| Employees / team members | Staff who use the Employee Portal |
| Kiosk users | Employees who clock in/out at an on-site kiosk device |
| Website visitors | People who contact us through the marketing site or support form |
3. Our Role: Controller vs. Service Provider
3.1 When we act as a service provider (processor)
For most workforce data entered into Traklyn by a customer organization (a client facility, staffing agency, or employer), that organization is the organization responsible for the data. Traklyn processes that information on the organization's instructions to provide the Service.
Examples: employee names, schedules, timesheets, pay rates, documents, biometric enrollment, and kiosk punch records entered by or on behalf of your employer.
If you are an employee, questions about why your data is collected, how long it is kept, or requests to access or correct employment records should generally be directed to your employer or staffing agency first. We will assist our customer organizations as required.
3.2 When we act as the organization responsible for the data
We are responsible for personal information we collect directly for our own purposes, including Traklyn platform account administration for paying customers, marketing website contact and demo inquiries, support requests sent to support@traklyn.com, and our own security, billing, and legal compliance.
4. Information We Collect
The following describes personal and sensitive information processed through Traklyn based on how the application is built today.
4.1 Account and profile information
- Full name, email address, username, and phone number
- Mailing address (address lines, city, postal code, country)
- Password stored using industry-standard encryption — not plain text
- Organization affiliation, role, profile photo, and account status
- Email notification preferences and password reset tokens
- Account creation, update, and deactivation timestamps
4.2 Employee / team member information
- Employee ID, job position(s), and pay rates (compensation data)
- Sex, date of birth, employment start date, and employment type
- Onboarding status and welcome email timestamps
- Contact details stored on the linked user account
4.3 Organization information
- Organization name, type, and industry
- Business address and active status
- Pay period settings and kiosk enabled flag
- Biometric face collection identifier when kiosk biometrics are enabled
- Administrator contact details
4.4 Scheduling and workforce operations
Depending on how your organization uses Traklyn, we process agency shifts, internal schedules, pattern templates, shift statuses, assignments, comments, release notes, call-in reasons, replacements, and shift change audit logs.
4.5 Timesheet information
We process check-in/out times, total hours, break time, notes, approval status, approver identity, and — for kiosk punches — a face_verified flag when biometric verification is used.
4.6 Payroll and PayHub data
For agencies using PayHub, we process pay hours, statutory holiday flags, adjusted pay rates, pay period locks, payroll settings, and generated payroll report files stored securely in the cloud.
4.7 Documents
Organizations may upload employee compliance documents (PDF, JPG, PNG, DOC, DOCX, TXT) stored securely in the cloud. Limits: up to 15 documents per user; maximum 15 MB per document.
4.8 Biometric and kiosk data (high sensitivity)
| Data | Purpose | Storage |
|---|---|---|
| Face enrollment reference photo | Create biometric template for identity verification | Secure cloud storage |
| Face index ID | Match face during clock-in/out | Secure biometric service per organization |
| 4-digit employee PIN | Identify employee at kiosk before face scan | Database |
| Kiosk punch records | Clock-in/out audit trail | Database |
| Live face/liveness session | Verify person is present and matches enrolled face | Secure identity verification service |
Punch verification images from liveness are processed for matching; the app stores the enrollment reference photo and punch metadata, not a separate stored photo for every punch. See our Kiosk & Biometric Notice for employee-facing details.
4.9 Notifications and communications
In-app and email notifications may include shift events, assignment updates, and account messages. We send transactional emails, including welcome emails, password resets, shift notifications, schedule updates, PayHub reports, and support request forwarding.
4.10 Support and contact information
When you use the in-app Help page or contact us through the marketing website, we collect your message details and may receive attachments (up to 5 files, 10 MB each). Support messages are delivered by email. Marketing demo requests are sent to sales@nexsysi.com.
4.11 Technical and session data
- Browser session storage: authentication token, user profile summary, organization ID, kiosk session flags
- Standard app sessions: 30-minute inactivity logout with a 2-minute warning at 25 minutes
- Kiosk mode: no inactivity timeout; secure session refreshed every 90 minutes until staff signs out
- Server-side logs may include IP addresses, request timestamps, and error information
- Traklyn does not currently use third-party behavioral analytics in the application
5. How We Use Information
- Provide the Service — scheduling, shift management, timesheets, payroll hours, documents, notifications
- Authenticate users — login, password reset, secure sessions, kiosk device authentication
- Verify identity at kiosk — PIN validation, face matching, liveness detection
- Facilitate client–agency workforce coordination
- Send transactional communications
- Provide customer support
- Maintain security and audit records
- Comply with law
We do not sell personal information. We do not use employee biometric data for advertising.
7. International Data Processing
Traklyn's primary cloud infrastructure is hosted in Canada. Some biometric processing may occur in the United States when required for identity verification features. Data may be transferred across borders as necessary to provide the Service.
8. Data Retention
| Data category | Retention approach |
|---|---|
| Active account data | Retained while the organization's subscription/account is active |
| Deactivated users | Soft-deleted; may remain until purged per customer agreement |
| Timesheets and payroll | Retained for operational and legal recordkeeping needs of the customer |
| Biometric enrollment | Retained while enrolled and kiosk is enabled; should be deleted when employment ends |
| Documents | Retained until hard-deleted by authorized user |
| Notifications | Retained in application database |
Customer organizations are responsible for defining retention periods that meet their legal obligations.
9. Security
- Password hashing and secure authentication for API access
- HTTPS for data in transit and role-based access control
- 30-minute inactivity timeout on standard app sessions
- Encrypted kiosk password storage and secure cloud infrastructure
- Signed URLs for file access (documents: 1 hour; profile images: 7 days)
No method of transmission or storage is 100% secure. Organizations are responsible for protecting account credentials and physical kiosk devices.
10. Your Rights and Choices
10.1 If Traklyn is responsible for your data
Where we are responsible for your personal information (e.g., marketing inquiries), you may request access, correction, withdrawal of consent, or deletion where applicable. Contact: privacy@nexsysi.com
10.2 If your employer uses Traklyn
Employees should contact their employer or staffing agency for access to employment records, correction of HR data, biometric enrollment questions, and deletion requests after employment ends.
10.3 Canadian privacy complaints
You may file a complaint with the Office of the Privacy Commissioner of Canada. Provincial privacy commissioners may also apply depending on your location.
11. Biometric Information
- The customer organization must provide required notice and obtain required employee consent before enrollment
- Biometric data is used only to verify identity for time punches and related timesheet records
- We do not sell biometric information
- Face templates and enrollment photos are stored using secure cloud and biometric services
- Organizations may use non-kiosk timesheet methods where configured
- Employees who withdraw consent should contact their employer for alternative time-tracking
See the Kiosk & Biometric Notice for employee-facing language.
12. Children's Privacy
Traklyn is a business workforce platform not directed to individuals under 18. We do not knowingly collect personal information from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new last updated date and, for material changes, provide notice via email or in-app notification to registered administrators.
14. Contact Us
Nexsysi
- Privacy: privacy@nexsysi.com
- Support: support@traklyn.com
- Sales: sales@nexsysi.com
Appendix A — Data Inventory
| Category | Details |
|---|---|
| User roles | Platform admin, organization admin, scheduler, and employee portal access |
| Organization types | SYSTEM, Client, Agency, FullAccess, SchedulerOnly |
| File upload limits | Profile: 5 MB · Documents: 15 MB · Support: 10 MB × 5 files · Kiosk enrollment: 5 MB |
Appendix B — Email Notifications
Transactional emails may include welcome emails (with temporary passwords), password reset links, shift and schedule notifications, PayHub payroll reports with Excel attachments, and support contact forwarding.
Appendix C — Service Infrastructure
Traklyn uses authorized infrastructure providers to deliver the Service. We do not disclose specific vendor names in this public policy.
| Category | Purpose | Region |
|---|---|---|
| Cloud storage | Files, documents, and enrollment photos | Canada |
| Biometric services | Face matching and liveness verification | Canada and United States |
| Email delivery | Transactional notifications and support messages | As required for delivery |
| Application hosting | Platform APIs, database, and real-time updates | Canada |